From ea3d749f2a9b80c3ed1d3c8578c673b0f4149b0f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 5 Apr 2018 10:07:19 -0400 Subject: [PATCH] - Synchronized data. --- 2018/7xxx/CVE-2018-7035.json | 48 ++++++++++++++++++++++++++++++++++-- 2018/9xxx/CVE-2018-9243.json | 48 ++++++++++++++++++++++++++++++++++-- 2018/9xxx/CVE-2018-9244.json | 48 ++++++++++++++++++++++++++++++++++-- 3 files changed, 138 insertions(+), 6 deletions(-) diff --git a/2018/7xxx/CVE-2018-7035.json b/2018/7xxx/CVE-2018-7035.json index 1463b4fdbf3..8b31be0183b 100644 --- a/2018/7xxx/CVE-2018-7035.json +++ b/2018/7xxx/CVE-2018-7035.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-7035", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/gleez/cms/issues/794", + "refsource" : "MISC", + "url" : "https://github.com/gleez/cms/issues/794" } ] } diff --git a/2018/9xxx/CVE-2018-9243.json b/2018/9xxx/CVE-2018-9243.json index 5fab9e4e19d..cd716bea328 100644 --- a/2018/9xxx/CVE-2018-9243.json +++ b/2018/9xxx/CVE-2018-9243.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9243", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/", + "refsource" : "MISC", + "url" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" } ] } diff --git a/2018/9xxx/CVE-2018-9244.json b/2018/9xxx/CVE-2018-9244.json index b845d96fcbc..34b38aad9cf 100644 --- a/2018/9xxx/CVE-2018-9244.json +++ b/2018/9xxx/CVE-2018-9244.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-9244", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/", + "refsource" : "MISC", + "url" : "https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/" } ] }